Xymon Mailing List Archive search

sshd notification in syslog

list Robert P. McGraw
Thu, 2 Mar 2006 14:19:12 -0500
Message-Id: <user-abb5d668c965@xymon.invalid>

I am having the same problem and trying to follow your instructions.

 
I ran

 
 ##R##-zorn->[227] ##> ssh -V

Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

 
To get the version number.

 
I also ran telnet host 22 and got back the following 

 
SSH-2.0-Sun_SSH_1.0.1

 
I have tried the following 

 
SSH-2.0-Sun_SSH_1.0.1

Sun_SSH_1.1

Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

 
as the version number with no luck. 

 
I keep getting the following message log.

 
Mar  2 14:03:47 zada.math.purdue.edu sshd[29349]: [ID 800047 auth.info] Bad
protocol version identification 'Sun_SSH_1.1

Mar  2 14:03:47 zada.math.purdue.edu ' from 128.210.3.176

 
The only change in the log message is the version identification string.

 
How do I find the right version number to use?

 
Thanks

 
Robert

 
Robert P. McGraw, Jr.

Manager, Computer System                                         EMAIL:
user-33cf07af04dd@xymon.invalid

Purdue University
ROOM: MATH-807

Department of Mathematics                                        PHONE:
(XXX) XXX-XXXX

XXX N. University Street
FAX: (XXX) XXX-XXXX

West Lafayette, IN XXXXX-XXXX            


From: user-bb3e9041f07f@xymon.invalid [mailto:user-bb3e9041f07f@xymon.invalid] 
Sent: Thursday, March 02, 2006 12:21 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: [hobbit] RE: [SOLVED][hobbit] sshd notification in syslog

 
Thank you ! 

the second option (the one you preferred) was a good bet ! 
I added the lines as you indicate and that's solved my problem. 

Best regards, 

Thomas Seglard 

"Schwimmer, Eric E *HS" <user-1e1008b069d5@xymon.invalid> a écrit sur
02/03/2006 17:31:10 :

Three posibilities, off the top of my head:

On the client side:
1. Install syslog-ng instead of ksyslogd, and
   filter on the ip address of your hobbit server.
2. Call your logrotate script (assuming you use one)
   more often, and/or make it compress your old syslog
   messages.

On the hobbit server side:
(this is my preferred option)
1. change your bb-services file ($HOBBIT/server/etc/bb-services)
   so that ssh test sends the version string.  I think that will
   stop your sshd from complaining.

ie.:

[ssh|ssh1|ssh2]
   send "SSH-2.0-OpenSSH_4.1\r\n"
   expect "SSH"
   options banner
   port 22